Description:
A vulnerability was reported in wpa_supplicant. A remote user can cause denial of service conditions on the target system.

A remote user can send specially crafted unauthenticated EAPOL-Key frame data to modify the Group Transient Key (GTK) on the target system, preventing the target system from accepting group-addressed frames.

Systems where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher (which should not be done) are affected.

Mathy Vanhoef of the imec-DistriNet research group of KU Leuven reported this vulnerability.